SHA1:
- e0d4ed2d470808f33b1384d8b9cec6e16142a17c
A Trojan intended to steal confidential information from computers running Microsoft Windows. Its self-name is Ovidiy Stealer; the author of the Trojan is a virus writer hiding under the pseudonym TheBottle.
The stealer has a modular architecture and is written in .NET. The malicious program steals stored passwords from the Google Chrome, Kometa, Amigo, Torch, Orbitum and Opera browsers, as well as passwords from the FileZilla application. To communicate with its control server, the Trojan uses the SSL/TLS protocols. Having established the connection, it sends the following information to the cybercriminals:
- Windows user name;
- DiskID and ProcessorID;
- Trojan’s version;
- OS version;
- malicious program user name.
Based on 8 characters of the DiskID and 16 characters of the ProcessorID, each infected device is assigned a unique identifier. If the Trojan manages to steal passwords from the target applications, it transfers them to the control server in the form of a specially formed request.